[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #6011 [Company]: Write up proposal outline for build security



#6011: Write up proposal outline for build security
-----------------------------+----------------------------------------------
 Reporter:  mikeperry        |          Owner:  mikeperry
     Type:  project          |         Status:  new      
 Priority:  major            |      Milestone:           
Component:  Company          |        Version:           
 Keywords:  MikePerry201206  |         Parent:           
   Points:                   |   Actualpoints:           
-----------------------------+----------------------------------------------
 #3688 is probably just the start of getting our build security where it
 needs to be, and even that may require a lot of baby steps before the
 solution is realized.

 Once that's done, we should create a build and update deployment process
 that is akin to the Tor dirauth consensus process: N independent machines
 creating identical builds and detached signatures, and the build only gets
 published if all manage to agree.

 It will also be a lot of work even to get to a manual version of this
 process. We should figure out how to break the plan into more baby steps
 and write funding proposal(s) for them.

 The ultimate goal should be to get full funding to deploy our autoupdater
 with this multi-key validation process so that other organizations can use
 it. That will require even more funding and work.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6011>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs